For the better part of two decades, the direction of travel in enterprise technology has been clear: everything moves to the cloud. The rationale was simple; the cloud was cheaper, scalable and easier to manage. But, as artificial intelligence (AI) enters the enterprise mainstream, that long-standing assumption is starting to bend.
In certain areas, particularly where sensitive data is involved, companies are reconsidering how and where AI operates. Increasingly, they are exploring AI inside the firewall, running AI capabilities within their own on-premises controlled environments rather than relying entirely on cloud-based platforms.
We are seeing this shift clearly through the lens of human capital management (HCM) data. Across our platforms, more than two million employees interact with workforce systems every day through time clocks, biometric verification and workforce management tools. That vantage point offers a clear view into how organisations think about employee data, and why control over that data matters.
Trust is at the heart of AI adoption
The driver behind this shift is trust. Over the past year, AI tools from companies like OpenAI, Google and Anthropic have demonstrated extraordinary capabilities, from summarising complex documents to analysing data and accelerating decision-making across nearly every function of a business.
Yet alongside the excitement sits the persistent question of what happens to the data?
When organisations feed information into a cloud-based AI model, that data is, by definition, leaving their immediate environment. Even with strong assurances around privacy and training policies, many companies remain cautious about how sensitive information is processed and where it ultimately resides.
In regulated industries such as financial services, legal services and healthcare, caution is even more pronounced. These organisations hold vast quantities of confidential client data and strategic internal information. Any uncertainty around how that data is stored, processed or reused introduces potential legal, operational and reputational risks.
Sensitive data, sensitive decisions
HCM data sits in a similarly sensitive category. Consider the types of information contained within HCM systems: compensation structures, performance assessments, succession planning, workforce restructuring plans, disciplinary records and strategic hiring decisions. For many organisations, this information is arguably more sensitive than financial data. It is deeply personal, strategically important, and subject to stringent regulatory oversight.
As organisations explore AI applications in HR, from workforce planning to talent analytics, the question of data sovereignty quickly shoots to the top of the agenda. Simply put, businesses want to know exactly where their data sits, who can access it, and how it is being used.
Inside the firewall: a new frontier for AI
This is why many companies are now exploring ways to run AI models inside their own infrastructure or within tightly controlled internal networks. In these environments, sensitive datasets never leave the organisation’s control. In some ways, this represents a subtle reversal of the cloud migration that defined enterprise technology over the past 20 years. But this is less a retreat from the cloud than an evolution of how organisations balance innovation with risk.
Cyber security has always been a moving target. Throughout my career in technology, one consistent observation from security leaders has been that defences are always designed for threats that are still evolving. AI introduces another layer of complexity to that challenge.
The technology itself is advancing rapidly, and many organisations are still learning how to integrate it responsibly. Governance frameworks, model oversight and data management practices are still developing across the industry. Not surprisingly, many business leaders feel more comfortable adopting AI in environments where they retain the highest degree of visibility and control.
As Nvidia CEO Jensen Huang argues, we’re entering an era of ‘Hyper Moore’s Law’, with AI advancing faster than traditional computing cycles, and AI hardware becoming more powerful and more accessible. While the cloud still leads on performance, the gap is closing, and that shift is significant, as it brings in-house AI within financial reach and enables greater control, security and confidence over sensitive data.
This is why a hybrid model is beginning to emerge. Some AI capabilities will live in the cloud, drawing on the huge computing resources and large-scale models offered by major providers. Others will operate inside the organisation, embedded within internal systems and protected environments.
From biometric security to AI oversight
We know that this shift is less about technology architecture and more about organisational confidence. Businesses will only fully embrace AI when they trust it. And trust begins with knowing that the data underpinning these systems remains protected.
In the HCM space, that principle has always been fundamental. Biometric authentication, for example, relies on techniques such as template obfuscation to ensure that underlying personal data cannot be reconstructed or misused. The original biometric data is never stored in a usable form.
The same philosophy applies as AI becomes embedded in workforce management systems. If organisations are going to use AI to support workforce planning, analyse employee trends or optimise operations, they need absolute confidence in how that data is handled.
That is why we believe that the inside-the-firewall AI trend will become increasingly significant over the next 24 months, not because companies distrust AI itself, but because they see huge potential in it. However, they want to deploy it in ways that align with their responsibilities around data protection, governance and employee trust. In that sense, what we are witnessing is not a rejection of the cloud era, but the next stage of its evolution.